Update to fetch cert twice to allow easier renewal. #4

Merged
dracos merged 1 commits from fetch-cert-twice into master 2018-08-23 22:45:42 +00:00
3 changed files with 10 additions and 8 deletions


@ -1,4 +1,3 @@
#!/usr/bin/env bash #!/usr/bin/env bash
service nginx stop
letsencrypt renew letsencrypt renew
service nginx start service nginx reload
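Review bot: The new script reloads nginx whether or not `letsencrypt renew` succeeded, and with no `set -e` a failed renewal still exits 0, so a cron job running this will never surface the failure. Prefer `set -euo pipefail` at the top and couple the reload to the renewal outcome, e.g. `letsencrypt renew --post-hook "service nginx reload"` (certbot then only reloads when a certificate was actually renewed), or at minimum `letsencrypt renew && service nginx reload`. Separately, if the playbook's earlier `--standalone` run left its own renewal lineage under /etc/letsencrypt/renewal/, `renew` will attempt it while nginx holds port 80 and that lineage will fail on every run; worth confirming that only the webroot configuration remains.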


@ -2,15 +2,11 @@
# This role install nginx, configures it and sets up a Let's Encrypt certificate for the # This role install nginx, configures it and sets up a Let's Encrypt certificate for the
# Mastodon instance # Mastodon instance
- name: Install nginx and letsencrypt - name: Install nginx and certbot
apt: name={{ item }} state=latest update_cache=yes apt: name={{ item }} state=latest update_cache=yes
with_items: with_items:
- nginx - nginx
- letsencrypt - letsencrypt
- name: Stop nginx for now
service: name=nginx state=stopped
- name: Generate Let's Encrypt TLS certificate for Mastodon instance
shell: letsencrypt certonly -n --agree-tos --standalone -d {{ ansible_nodename }} --email "webmaster@{{ ansible_nodename }}"
- name: Remove default nginx config in sites-enabled - name: Remove default nginx config in sites-enabled
file: file:
path: /etc/nginx/sites-enabled/default path: /etc/nginx/sites-enabled/default
@ -24,8 +20,14 @@
src: /etc/nginx/sites-available/{{ LOCAL_DOMAIN }}.conf src: /etc/nginx/sites-available/{{ LOCAL_DOMAIN }}.conf
dest: /etc/nginx/sites-enabled/{{ LOCAL_DOMAIN }}.conf dest: /etc/nginx/sites-enabled/{{ LOCAL_DOMAIN }}.conf
state: link state: link
- name: Start nginx - name: Stop nginx for now
service: name=nginx state=stopped
- name: Generate standalone Let's Encrypt TLS certificate for Mastodon instance
shell: letsencrypt certonly -n --agree-tos --standalone -d {{ LOCAL_DOMAIN }} --email "webmaster@{{ LOCAL_DOMAIN }}"
- name: Restart nginx
service: name=nginx state=started service: name=nginx state=started
- name: Generate webroot Let's Encrypt TLS certificate for Mastodon instance
shell: letsencrypt certonly -n --webroot -d {{ LOCAL_DOMAIN }} -w /home/mastodon/live/public/ --email "webmaster@{{ LOCAL_DOMAIN }}"
- name: Copy and enable Let's Encrypt renew script - name: Copy and enable Let's Encrypt renew script
copy: copy:
src: letsencrypt-renew.sh src: letsencrypt-renew.sh
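Review bot: Both new certificate tasks use `shell:` with `{{ LOCAL_DOMAIN }}` interpolated into the command line, but neither uses any shell feature (no pipes, redirects or globs), so `command:` is the safer choice: the variable is then passed as an argument rather than re-parsed by a shell, and a stray metacharacter in the configured domain cannot turn into command injection. The standalone task also has no guard, so every playbook run stops nginx and re-runs `certonly`; an `args: creates:` on the lineage's fullchain.pem keeps reruns from re-issuing regardless of how certbot treats an existing lineage in non-interactive mode (the `creates` path assumes certbot's default lineage name of the first domain — verify it matches if a `-0001` suffix was ever created). The "Restart nginx" task actually uses `state=started`; rename it or use `state=restarted` so the name matches the effect. The webroot task has no natural `creates` marker since its purpose is to record the webroot renewal configuration, so it is left as-is apart from the module switch.

```yaml
- name: Generate standalone Let's Encrypt TLS certificate for Mastodon instance
  # command (not shell): LOCAL_DOMAIN is passed as an argv element, never re-parsed by sh
  command: letsencrypt certonly -n --agree-tos --standalone -d {{ LOCAL_DOMAIN }} --email "webmaster@{{ LOCAL_DOMAIN }}"
  args:
    # skip re-issuing on reruns; avoids Let's Encrypt rate limits and needless nginx downtime
    creates: /etc/letsencrypt/live/{{ LOCAL_DOMAIN }}/fullchain.pem
- name: Start nginx
  service: name=nginx state=started
- name: Generate webroot Let's Encrypt TLS certificate for Mastodon instance
  command: letsencrypt certonly -n --webroot -d {{ LOCAL_DOMAIN }} -w /home/mastodon/live/public/ --email "webmaster@{{ LOCAL_DOMAIN }}"
# … unchanged: Copy and enable Let's Encrypt renew script …
```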


@ -8,6 +8,7 @@ server {
listen [::]:80; listen [::]:80;
server_name {{ LOCAL_DOMAIN }}; server_name {{ LOCAL_DOMAIN }};
# Useful for Let's Encrypt # Useful for Let's Encrypt
root /home/mastodon/live/public;
location /.well-known/acme-challenge/ { allow all; } location /.well-known/acme-challenge/ { allow all; }
location / { return 301 https://$host$request_uri; } location / { return 301 https://$host$request_uri; }
} }
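Review bot: The added `root /home/mastodon/live/public;` is set at server level, so it applies to every location in the port-80 block; only the `location /` redirect keeps the rest of the Rails public directory from being served over plain HTTP. Scoping it to the challenge location makes that intent explicit and survives later edits to the redirect: `location /.well-known/acme-challenge/ { root /home/mastodon/live/public; }` — the existing `allow all;` is a no-op unless a `deny` applies elsewhere and can go. For the webroot challenge to actually succeed the nginx worker user needs traverse and read access down to /home/mastodon/live/public/.well-known/acme-challenge/, which home-directory permissions may not grant by default; worth a comment such as `# nginx worker must be able to read the challenge dir under /home/mastodon` and a check in the playbook.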